HP Caught Installing Spyware on Windows 10 PCs Without Permission

This site may earn affiliate commissions from the links on this page. Terms of use.

HP has been caught installing a new telemetry-gathering system on its Windows 10 PCs without informing users it was doing or so requesting permission to gather data. In a recent update (it’s not clear if HP or Microsoft pushed out the software), multiple HP owners have reported the “HP TouchPoint Analytics Client” is connecting on a daily basis to upload various information to HP’s servers.

I noticed that HP secretly installed the program “HP Touchpoint Analytics Client” on all my HP devices on November 20, 2017.

The program connects every day to HP. The files sent can be found under “Program Data/HP/HP Touchpoint Analytics Client/Transfer Interface”.

Image by Detlef Krentz.

Earlier reports posted on BleepingComputer and Reddit date the installation to the middle of November. HP’s own website ironically states that it plans to disable TouchPoint Analytics because it’s rolled that feature into a different type of service. Specifically: “The HP Touchpoint Manager technology is now being delivered as a part of HP Device as a Service (DaaS) Analytics and Proactive Management capabilities. Therefore, HP is discontinuing the self-managed HP Touchpoint Manager solution.” There’s some evidence to suggest laptops are running significantly hotter thanks to this self-installed malware as well.

It’s Time to Nuke These Practices From Orbit

Over the past five years, an increasingly large number of companies have silently decided that every moment you spend on the internet is fair game for monetization and data harvesting. Microsoft has at least pulled back on its telemetry collection, provided you set the level to “Basic,” but many companies and websites have surged ahead with this practice. Facebook thinks it deserves to know where you are at every moment so it can serve you local ads and monetize your willingness to walk in the store. More than 400 websites track every single thing you type or delete on their pages, in real-time. Google has stopped sandboxing its data collection from its DoubleClick advertising business. Verizon now shares personally identifiable information within its own company, which is a huge deal considering it owns a number of web properties and its own abuse of zombie cookies. Vizio was caught uploading user data whether said users had agreed to participate in tracking or not.

There are, to be sure, still companies that clearly indicate what data they collect and offer users the option to opt out of any collection whatsoever, but they’re being overwhelmed. The same companies that would ardently stand up for the idea that intellectual property has value now argue that the most intimate details of your life have no value whatsoever, despite the fact that this information ought to be considered the intellectual property of the person to whom it belongs.

“As a service” has become code for “You don’t actually own anything, and we owe you nothing.” We see it in smart home technology and we’re seeing it here. The problem is not that HP is gathering telemetry; absent a full description of what it’s gathering, we don’t know if the practice is a minor, non-intrusive process that confines itself to error reports and troubleshooting, or an intrusive hoover of PII (personally identifiable information). The problem is that these practices have become so entrenched, Silicon Valley no longer feels it needs permission at all.

PCMag.com has more on uninstalling the service if you’ve been infected by it.